Summary: | <net-misc/curl-7.61.0: Heap-based Buffer Overflow (CVE-2018-0500) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://curl.haxx.se/docs/adv_2018-70a2.html | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | net-misc/curl-7.61.0 | ||
Runtime testing required: | --- |
Description
Florian Schuhmacher
2018-07-11 08:23:31 UTC
I've just added 7.61.0 to the tree and it is not vulnerable to CVE-2018-0500. We should rapid stabilize:

KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

I've also added the exp profiles if someone wants to stabilize them.

Please provide a package list to start stabilization.

amd64 stable

arm64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2010331926d98698e2e1bf0b8c29b6f9310686c7

commit 2010331926d98698e2e1bf0b8c29b6f9310686c7
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-12 20:19:41 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-12 21:16:32 +0000

net-misc/curl: stable 7.61.0 for sparc

Bug: https://bugs.gentoo.org/660894
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="sparc"

net-misc/curl/curl-7.61.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7071222f9d52c02eeb6955efca0c480b7f49460f

commit 7071222f9d52c02eeb6955efca0c480b7f49460f
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-13 05:28:51 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-13 06:06:12 +0000

net-misc/curl: stable 7.61.0 for hppa

Bug: https://bugs.gentoo.org/660894
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="hppa"

net-misc/curl/curl-7.61.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3c712867711e5f37f6bc2eb26d6bbb7a96965be

commit d3c712867711e5f37f6bc2eb26d6bbb7a96965be
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 17:59:10 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 17:59:10 +0000

net-misc/curl: stable 7.61.0 for ia64, bug #660894

Bug: https://bugs.gentoo.org/660894
Package-Manager: Portage-2.3.42, Repoman-2.3.9
RepoMan-Options: --include-arches="ia64"

net-misc/curl/curl-7.61.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6961eb2526e4fc9687068f5cec6e20d0d581da77

commit 6961eb2526e4fc9687068f5cec6e20d0d581da77
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 19:59:37 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 19:59:37 +0000

net-misc/curl: stable 7.61.0 for ppc64, bug #660894

Bug: https://bugs.gentoo.org/660894
Package-Manager: Portage-2.3.42, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc64"

net-misc/curl/curl-7.61.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15b8fdf1549bc50cbe1a31b12efa8cffe230e25e

commit 15b8fdf1549bc50cbe1a31b12efa8cffe230e25e
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 20:13:50 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 20:13:50 +0000

net-misc/curl: stable 7.61.0 for ppc, bug #660894

Bug: https://bugs.gentoo.org/660894
Package-Manager: Portage-2.3.42, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc"

net-misc/curl/curl-7.61.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable

Stable on alpha.

arm/m68k/s390/sh done

GLSA filed. @Maintainer, please clean.

This issue was resolved and addressed in GLSA 201807-04 at https://security.gentoo.org/glsa/201807-04 by GLSA coordinator Christopher Diaz Riveros (chrisadr).

@Maintainers please proceed to clean vulnerable versions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6681b26b2091f8ea5414a03bf79d1459cc197c96

commit 6681b26b2091f8ea5414a03bf79d1459cc197c96
Author: Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-09-21 16:41:27 +0000
Commit: Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-09-21 16:41:27 +0000

net-misc/curl: Security cleanup

Bug: https://bugs.gentoo.org/665292
Bug: https://bugs.gentoo.org/660894
Package-Manager: Portage-2.3.49, Repoman-2.3.10

net-misc/curl/Manifest | 2 -
net-misc/curl/curl-7.60.0-r1.ebuild | 247 ------------------------------------
net-misc/curl/curl-7.60.0.ebuild | 247 ------------------------------------
net-misc/curl/curl-7.61.0.ebuild | 247 ------------------------------------
4 files changed, 743 deletions(-)

All done, repository is clean.